FIPS cryptographic algorithms validation error reporting service


Problem: Recently we have installed the SQL Server 2008 Reporting Service on the Windows Server 2008. Reporting Service installed and configured successfully but while browsing the http://servername:80/reports it is getting failed with the error HTTP 500. Below error recoded into the Reporting Service Error log.

Unable to validate data. at System.Web.Configuration.MachineKeySection.GetDeco dedData(Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Int32& dataLength) at System.Web.UI.ObjectStateFormatter.Deserialize(Str ing inputString)

Solution:

It looks reason for the above error is two different encryptions (FIPS and AES) and decryption algorithm is trying to do the validation and because of that reporting service is unable to load the reporting service URL. I have resolved the issue by following the below steps.

Reporting Service will fail to load if any of the below condition will be true.

The HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\fipsalgorithmpolicy registry value is set to 1.

ASP.NET 2.0 uses the RijndaelManaged implementation of the AES algorithm when it processes view state data

You can follow one of the below fix. Either disable the FipsAlgorithmPolocy or add the mentioned machine key into the web.config file. Browse the path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\fipsalgorithmpolicy and changed value 1 to 0.

Open the reporting service web.config file and add the below <machinekey> into <system.web> section.

<machineKey validationKey=”AutoGenerate,IsolateApps” decryptionKey=”AutoGenerate,IsolateApps” validation=”3DES” decryption=”3DES”/>

Next step is to restart the reporting service and IIS. You can restart the IIS using IISRESET command and reporting service using NET START/STOP command.

NET STOP “SQL Server Reporting Services (MSSQLSERVER)”

NET START “SQL Server Reporting Services (MSSQLSERVER)”


Advertisements

3 thoughts on “FIPS cryptographic algorithms validation error reporting service

  1. Ian M

    Had the same issue on SQL Server 2012. If you cannot disable the FIPS group policy and have to apply the line to the config file, you should know that there are TWO web.config files to modify. One in the Report Manager subfolder and one in the Reporting Services subfolder.

    Reply
  2. Ian M

    Had the same issue on SQL Server 2012. If you cannot disable the FIPS group policy and have to apply the line to the config file, you should mention that there are TWO web.config files to modify. One in the Report Manager subfolder and one in the Reporting Services subfolder.

    Reply

Thanks for the comment, will get back to you soon... Jugal Shah

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s